[Snort-users] Snort 2.9 for IPv6

oleg gv oagvozd at gmail.com
Wed Feb 21 09:27:36 EST 2018


Daq can not sniff both on V4 and v6. So 2 instanses of snort is the only
way?

2018-02-21 17:17 GMT+03:00 oleg gv <oagvozd at gmail.com>:

> Hello,
> I can not see alert on the next rules
>
> alert ip any any --> IPV6_ADDRESS any (...)
>
> alert icmp any any --> IPV6_ADDRESS any (...)
>
> I use ping6 to test it.
>
> Ipv4 test works fine.
>
> Snort is build with --enable-ipv6 and uses ip6tables NFQUEUE.
>
> Other ipv6 tcp/udp alerts also works fine.
>
> Is it possible to detect IPv6 addresses in ip/icmp protocol rules  ?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180221/ffbd2efa/attachment.html>


More information about the Snort-users mailing list